Is there a way to implement oAuth flow without actually launching browser or even a webview on android?
What I want to show is a native Popup which asks user credentials and then supply it to oAuth provider.
Strictly speaking no, the main idea with OAuth is that you should never handle the user's credentials in any way.
But it depends on the provider. Twitter for example uses their own invention xAuth where you send the username and password in exchange for an access token. Twitter only allows this for applications that can motivate that need very well though.
So check with the API provider if it is possible in some way.
Recently i did some research regarding implement oAuth without using browser or webview. Nowadays some platform already has native way by using their SDK like google: https://developers.google.com/identity/sign-in/android/, linkedin : https://developer.linkedin.com/docs/android-sdk-auth#. You can search for other platform too.
Another chance i see is by using google "Firebase" : https://firebase.google.com/docs/auth/. Even though i am not yet really try to implement it, as my understanding we can create our own custom input on HTML and pass it to their Javascript oAuth SDK to do credential login transaction. Just my guess we can do it with android native interface too.
Any correction are very welcome. Thanks.
Related
Based on a research that I have made on Android login, I have found out that for Android to have a login feature, it requires a web service.
Android sends login credential to web service and will only determine whether a user's credential is valid based on the return result of the web service.
As I am currently a junior developer, I am wonder what are the other approach that modern developers used in handling Android login feature? Do they use Google Firebase, or they used web service to handle the login as well?
In addition they can use social media login such as Facebook,google...etc as another option to let user login to app if user dont like to use app web services...to add this features you have to know about OAuth 2.0 because its used by those giant tech above then go and read their docs they explain all with the details of details....also for web services check out this tut Android Login and Registration with PHP, MySQL and SQLite also you can read this A Massive Guide to Building a RESTful API for Your Mobile App
It depends on what resources you have access to. I work for a variety of enterprises and find that it is not uncommon for them to use google firebase as a login/authentication component, but many of them create their own web service to handle user login. Some use Single Sign On services like Okta.
Our Android app is a minimal wrapper around our mobile-friendly website. This is by design.
Google OAuth is one means by which users can authenticate. With the announcement that WebView's will be blocked from Google OAuth, we are now looking at how to move forward.
My current plan is:
Use a JavascriptInterface to invoke native code when someone clicks on the web app's Sign in With Google button
Use Google Sign In to authenticate the user on the mobile app side.
Somehow send this authentication to the web server. Should I just redirect the user to the existing oauth callback URL?
Step 3 is where I'm not sure what the best approach is. It's a Ruby on Rails application using Omniauth.
Are there any examples of integrating Google Sign In with an almost entirely WebView-based application? Is this approach the right way to go about it?
The solution described in Authenticate with a backend server sounds just like what you want to do in step 3, though without using the OAuth callback URL.
Unfortunately, I could not find any reference on how to use it with OmniAuth.
I followed the tutorial here: https://developers.facebook.com/docs/mobile/android/build/#enablesso
I am able to authenticate on the android side, but what I want to do is to use SSO or some sort of authentication using facebook [preferrably OAuth] to authenticate against my web application on GAE. I expect it to work something like this: blog.notdot.net/2010/05/Authenticating-against-App-Engine-from-an-Android-app
This is the sort of flow I expect:
The user starts my app, and is prompted with an option to authenticate to FB.
The FB app/web dialog opens and asks the user to confirm permissions to be given to my app.
Once that is done, FB provides me with a cookie [or something similar].
I use that cookie for subsequent requests to my web service, where I can get the username simply using:
user = oauth.get_current_user()
user.nickname()
Is anything like this possible? The problem I face is that while performing SSO, there is no place where I specify an OAuth end point. GAE provides OAuth endpoints [http://code.google.com/appengine/docs/python/oauth/overview.html], which I think I should be using. Any clue as to how I can proceed about this?
Any help is appreciated. Regards, rohan
You need to implement the server-side authentication flow: http://developers.facebook.com/docs/authentication/
I implemented it in Java: see the LeanEngine oss project. You could probably reuse the android client part: the login dialog.
This question might sound kiddish to you but I have to ask it.
I need to login from my application to my server using Facebook credentials. Is it actually possible? If the answer is yes, please guide me on this.
Facebook supports OpenID, which you can implement in your app.
http://developers.facebook.com/blog/post/246/
You can actually log in to stackoverflow using your facebook account as it uses OpenID as well.
Rohit, what Will mean is you need to implement OpenID in your server. For that you need to write couple of pages in your web app, that will take care of OpenID Authentication.. then if you want your mobile users to login using OpneID, you can simple open that webpage (where you've implemented the OpenID) from within your application using some webview component or some other relevant component whatever it may be.. track user's navigation to success page to determine user is authenticated or not.
this is one way.. in other way.. there could be other ways as well..
good luck
You can check this two link :
http://developers.facebook.com/docs/mobile/android/build/
http://developer.android.com/tools/help/adb.html#directingcommands
From this two link you will get all the information for logging , sharing using facebook from your android application.
I was wondering if anyone knows of a way I can Authenticate a Google Apps User in a Android Application?
One approach I know of is to take could take their username and password in a android view, and use the clientLogin interface (http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html).
However I was wondering if there was a different approach, maybe pushing to a browser window where it would show the google login for that domain, but I would not know how to get the details back to the application, after the authentication is done.
Any ideas on how it would be done?
I wrote up how to get a google auth token from android (works fine in any java really) so you can call app engine hosted web services as an authenticated google user:
http://javagwt.blogspot.com/2009/12/authenticating-android-app-to-google.html
hope this helps
You could also try using OAuth. It's supported by Google Apps, and has a Java client library.